Splunk Search

Community Activity

	JSON miliseconds not taken from timestamp Hi! I have a json log and dedicated sourcetype for it. Sourcetype looks like this: [json] disabled=false KV_MODE=jso... by przemysaw Explorer in Splunk Search 03-07-2019 0 3	0	3
	Help with regex / replace needed Hello, I have the following event: X Mon Mar 4 19:57:48:935 2019 X *** WARNING => MMX 'EGPH5': mm_diagmode set 0 ... by damucka Builder in Splunk Search 03-07-2019 0 2	0	2
	Can you help me with the where command? Hello, I use the seatrch below index="" sourcetype="" \| eval Boot_Duration=coalesce('Durée du démarrage ','B... by jip31 Motivator in Splunk Search 03-06-2019 0 16	0	16
	About "https://docs.splunk.com/Documentation/Splunk/7.2.3/Data/Configureindex-timefieldextraction#Add_an_entry_to_fields.conf_for_the_new_field". There is following description in this manual. For example, say you're performing a simple <field>::1234 extraction ... by yutaka1005 Builder in Splunk Search 03-06-2019 0 2	0	2
	how i can use short for two field? Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 03-06-2019 0 2	0	2
	Removing Column Headings with Sparkline I have created a search including sparkline: index=_* type="threat" severity="medium" \| stats sparkline count \| ta... by balcv Contributor in Splunk Search 03-06-2019 0 3	0	3
	customizing colors of charts Is there any way that I can customize the color of column or bar chart? since I wanted to represent green, yellow and... by mdmaala Communicator in Splunk Search 03-06-2019 0 2	0	2
	Pulling multiple Columns from an inputlookup Trying to pull more than one column from an inputlookup. One of the columns maps to a field in the index I am search... by dbturner New Member in Splunk Search 03-06-2019 0 1	0	1
	How to create a new field out of some evaluated data? Hello, So here's my Query: index=video-eng-live \| rename message.timestamp as time \| eval time=strftime(time/1000... by moizmmz Path Finder in Splunk Search 03-06-2019 0 6	0	6
	How do I obtain counts of search results fields within a head command eval-expression? I have an index with events in it that, among others, have the fields shown at the bottom of this post When I execut... by williamcharlton Path Finder in Splunk Search 03-06-2019 0 5	0	5
	How do you do a stats count by a specific field? I'm working on an antivirus correlation rule, and I'm running into a few issues. I want to make sure dest, signature,... by ericl42 Path Finder in Splunk Search 03-06-2019 0 9	0	9
	Can you help me with a tstats count using lookup data? Hello, I have the below query trying to produce the event and host count for the last hour. The index & sourcetype ... by ajith_sukumaran Explorer in Splunk Search 03-06-2019 0 6	0	6
	How come URLs in my lookup table are not working? Greetings everyone! I have a question concerning a CSV lookup table with domains in it, which sadly does not work. ... by VanyBerg Engager in Splunk Search 03-06-2019 0 1	0	1
	How come my chart is not displaying in the right order? In order to remove weekend days completly from my timechart, I created a request : My Base Search \| eval date_wday... by Zakary_n Path Finder in Splunk Search 03-06-2019 0 7	0	7
	How to identify onboarding method used per sourcetype (like Forwaders, DBconnect, Http Event Collector, etc.) Hi, Is there any way to list the methods used for onboarding of data (Forwaders, DBconnect, Syslog, Http EventCollec... by harshal_chakran Builder in Splunk Search 03-06-2019 0 1	0	1
	using curl to run REST_API in linux do not return fields Hi All, i am trying to use Curl to return a search as my result will be >6million to a csv file. using the command: ... by ssaenger Communicator in Splunk Search 03-06-2019 0 5	0	5
	Fetch field name and values based on sourcetype I have one correlation rule trigged against IP reputation. Now we have different network devices, like cisco, f5. I... by rashid47010 Communicator in Splunk Search 03-06-2019 0 0	0	0
	Error search i have look table with known errors and planning to create job which runs on cron schedule and provide me list of er... by sanjds New Member in Splunk Search 03-06-2019 0 1	0	1
	Can you help us with a basic search that uses the stats command? Hi, With the code below, I count the event number by source for a sourcetype. But different sources use the same so... by jip31 Motivator in Splunk Search 03-06-2019 0 10	0	10
	How to get specific value from last event splunk Hi splunk comunity! How can i get specific value from latest event and earliest event during the period i set? I ne... by mishaaaaaaaaaa Explorer in Splunk Search 03-06-2019 0 0	0	0
	How do you split two string values joined in one field? hi! Under the field Username, I have two lists, Machine1 and Machine2 I want to split this into two separate column... by mdmaala Communicator in Splunk Search 03-06-2019 0 3	0	3
	Same computer multiple authentication attempts Hello. How would I write a search to show a computer that has been authenticating to multiple machines. For example, ... by johann2017 Explorer in Splunk Search 03-06-2019 0 3	0	3
	Can you help me extract a filename from a filepath in a field transformation? I have a path (and a variable file_path) that looks like this: C:\\\\Program Files\\\\theapp\\\\the app\\\\Tools\\\\... by mkarimi17 Path Finder in Splunk Search 03-06-2019 0 8	0	8
	How do you purge a lookup table of values over 30 days? So I have a search that runs hourly over a lookup table which I have created that includes IP, ticket number, date_ad... by JakeInfoSec Explorer in Splunk Search 03-06-2019 0 4	0	4
	Field Extraction - Event table only pulling back one line Hi All, I currently am pulling in data from an application and we are looking extract a single line that the event o... by ryangrobbel Explorer in Splunk Search 03-05-2019 0 3	0	3